[Secure-testing-commits] r22684 - data/CVE
Author: carnil Date: 2013-06-19 06:43:59 + (Wed, 19 Jun 2013) New Revision: 22684 Modified: data/CVE/list Log: add unchecked gnome-shell CVE Modified: data/CVE/list === --- data/CVE/list 2013-06-19 05:23:13 UTC (rev 22683) +++ data/CVE/list 2013-06-19 06:43:59 UTC (rev 22684) @@ -5371,6 +5371,8 @@ RESERVED CVE-2013-2190 RESERVED + - gnome-shell + TODO: check CVE-2013-2189 RESERVED CVE-2013-2188 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
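Review bot: The added "- gnome-shell" line under CVE-2013-2190 gives the next triager nothing to check against: the CVE is still RESERVED, and the entry has no bracketed description and no NOTE with a source link. Other RESERVED entries in data/CVE/list carry one, for example "CVE-2013-2171 [Privilege escalation via mmap]"; add the same here, together with a NOTE pointing at the report that ties this ID to gnome-shell.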
[Secure-testing-commits] r22683 - data/CVE
Author: jmm Date: 2013-06-19 05:23:13 + (Wed, 19 Jun 2013) New Revision: 22683 Modified: data/CVE/list Log: puppet bugnum Modified: data/CVE/list === --- data/CVE/list 2013-06-19 05:19:24 UTC (rev 22682) +++ data/CVE/list 2013-06-19 05:23:13 UTC (rev 22683) @@ -2204,7 +2204,7 @@ RESERVED CVE-2013-3567 RESERVED - - puppet + - puppet (bug #712745) CVE-2013-3566 RESERVED CVE-2013-3565 @@ -5429,6 +5429,7 @@ CVE-2013-2171 [Privilege escalation via mmap] RESERVED - kfreebsd-9 (bug #712664) + - kfreebsd-8 (Only affects 9.x) CVE-2013-2170 RESERVED CVE-2013-2169 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
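Review bot: The second hunk (@@ -5429,6 +5429,7 @@) adds "- kfreebsd-8 (Only affects 9.x)" to CVE-2013-2171, which the log message "puppet bugnum" does not mention. Commit it separately or extend the log so that the kfreebsd-8 decision can be found in history, and add a NOTE naming the advisory that limits the issue to 9.x so the claim can be checked from the entry.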
[Secure-testing-commits] r22682 - in data: . CVE
Author: jmm Date: 2013-06-19 05:19:24 + (Wed, 19 Jun 2013) New Revision: 22682 Modified: data/CVE/list data/dsa-needed-stable.txt Log: new puppet issue Modified: data/CVE/list === --- data/CVE/list 2013-06-19 04:58:47 UTC (rev 22681) +++ data/CVE/list 2013-06-19 05:19:24 UTC (rev 22682) @@ -2204,6 +2204,7 @@ RESERVED CVE-2013-3567 RESERVED + - puppet CVE-2013-3566 RESERVED CVE-2013-3565 Modified: data/dsa-needed-stable.txt === --- data/dsa-needed-stable.txt 2013-06-19 04:58:47 UTC (rev 22681) +++ data/dsa-needed-stable.txt 2013-06-19 05:19:24 UTC (rev 22682) @@ -21,7 +21,7 @@ memcached -- nginx - maintainer prepared an update + maintainer uploaded an update -- openjdk-7 Package from sid needs to be rebuild in stable-security @@ -30,6 +30,8 @@ -- otrs2 -- +puppet +-- ruby1.9.1 -- srtp ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22681 - data/CVE
Author: carnil Date: 2013-06-19 04:58:47 + (Wed, 19 Jun 2013) New Revision: 22681 Modified: data/CVE/list Log: ruby-multi-xml is now in the archive Modified: data/CVE/list === --- data/CVE/list 2013-06-19 01:07:23 UTC (rev 22680) +++ data/CVE/list 2013-06-19 04:58:47 UTC (rev 22681) @@ -11458,7 +11458,7 @@ NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/ NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8 CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and ...) - - ruby-multi-xml (bug #691189) + - ruby-multi-xml (Vulnerable version never in the archive) NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2 CVE-2013-0174 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
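Review bot: The replacement line "- ruby-multi-xml (Vulnerable version never in the archive)" drops the reference to bug #691189 and does not say which version entered the archive, so the claim cannot be verified from the entry. Record the first uploaded version in the reason or in a NOTE. The context lines also disagree with each other: the description names "multi_xml gem 0.5.2" as the affected release while the NOTE below says "fixed in" the 0.5.2 release, so confirm which version carries the fix before relying on it.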
[Secure-testing-commits] Processing r22680 failed
The error message was: data/CVE/list:11460: ITPed package ruby-multi-xml is in the archive make: *** [all] Error 1
[Secure-testing-commits] r22680 - data/CVE
Author: mgilbert Date: 2013-06-19 01:07:23 + (Wed, 19 Jun 2013) New Revision: 22680 Modified: data/CVE/list Log: issue is in gnome-keyring source package rather than libgnome-keyring Modified: data/CVE/list === --- data/CVE/list 2013-06-19 00:54:48 UTC (rev 22679) +++ data/CVE/list 2013-06-19 01:07:23 UTC (rev 22680) @@ -12141,9 +12141,9 @@ NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036 CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases] RESERVED - - libgnome-keyring 3.8.2-1 (low; bug #697896) - [squeeze] - libgnome-keyring (Minor issue) - [wheezy] - libgnome-keyring (Minor issue) + - gnome-keyring 3.8.2-1 (low; bug #697896) + [squeeze] - gnome-keyring (Minor issue) + [wheezy] - gnome-keyring (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5 CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...) - ruby-rack 1.4.1-2.1 (bug #698440) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
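Review bot: The first replaced line under CVE-2012-6111 swaps the source package name but carries over the fixed version 3.8.2-1 and bug #697896 unchanged. That version was recorded against libgnome-keyring one revision earlier (rev 22679), and the two source packages are versioned independently, so verify that gnome-keyring 3.8.2-1 is the upload that contains the fix and that the bug is assigned to gnome-keyring.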
[Secure-testing-commits] Processing r22679 failed
The error message was: data/CVE/list:11460: ITPed package ruby-multi-xml is in the archive make: *** [all] Error 1
[Secure-testing-commits] r22679 - data/CVE
Author: mgilbert Date: 2013-06-19 00:54:48 + (Wed, 19 Jun 2013) New Revision: 22679 Modified: data/CVE/list Log: gnome-keyring fixed Modified: data/CVE/list === --- data/CVE/list 2013-06-18 22:50:11 UTC (rev 22678) +++ data/CVE/list 2013-06-19 00:54:48 UTC (rev 22679) @@ -12141,7 +12141,7 @@ NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036 CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases] RESERVED - - libgnome-keyring (low; bug #697896) + - libgnome-keyring 3.8.2-1 (low; bug #697896) [squeeze] - libgnome-keyring (Minor issue) [wheezy] - libgnome-keyring (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r22678 failed
The error message was: data/CVE/list:11460: ITPed package ruby-multi-xml is in the archive make: *** [all] Error 1
[Secure-testing-commits] r22678 - data/DSA
Author: mgilbert Date: 2013-06-18 22:50:11 + (Tue, 18 Jun 2013) New Revision: 22678 Modified: data/DSA/list Log: update date Modified: data/DSA/list === --- data/DSA/list 2013-06-18 21:20:12 UTC (rev 22677) +++ data/DSA/list 2013-06-18 22:50:11 UTC (rev 22678) @@ -39,7 +39,7 @@ [02 Jun 2013] DSA-2699-1 iceweasel - several {CVE-2013-0773 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681} [wheezy] - iceweasel 17.0.6esr-1~deb7u1 -[16 Jun 2013] DSA-2698-1 tiff - buffer overflow +[18 Jun 2013] DSA-2698-1 tiff - buffer overflow {CVE-2013-1960 CVE-2013-1961} [squeeze] - tiff 3.9.4-5+squeeze9 [wheezy] - tiff 4.0.2-6+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r22677 failed
The error message was: data/CVE/list:11460: ITPed package ruby-multi-xml is in the archive make: *** [all] Error 1
[Secure-testing-commits] r22677 - data/CVE
Author: fgeek-guest Date: 2013-06-18 21:20:12 + (Tue, 18 Jun 2013) New Revision: 22677 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2013-06-18 21:16:06 UTC (rev 22676) +++ data/CVE/list 2013-06-18 21:20:12 UTC (rev 22677) @@ -1,11 +1,11 @@ CVE-2013-4616 NOT-FOR-US: Apple iOS CVE-2013-4615 - TODO: check + NOT-FOR-US: EMC Smarts Network Configuration Manager CVE-2013-4614 - TODO: check + NOT-FOR-US: EMC Smarts Network Configuration Manager CVE-2013-4613 - TODO: check + NOT-FOR-US: EMC RSA Data Protection Manager Appliance CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) NOT-FOR-US: REDCap CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22676 - data/CVE
Author: joeyh Date: 2013-06-18 21:16:06 + (Tue, 18 Jun 2013) New Revision: 22676 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-06-18 19:59:20 UTC (rev 22675) +++ data/CVE/list 2013-06-18 21:16:06 UTC (rev 22676) @@ -1,12 +1,11 @@ CVE-2013-4616 - RESERVED NOT-FOR-US: Apple iOS CVE-2013-4615 - RESERVED + TODO: check CVE-2013-4614 - RESERVED + TODO: check CVE-2013-4613 - RESERVED + TODO: check CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) NOT-FOR-US: REDCap CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22675 - data/CVE
Author: jmm Date: 2013-06-18 19:59:20 + (Tue, 18 Jun 2013) New Revision: 22675 Modified: data/CVE/list Log: zabbix/no-dsa Modified: data/CVE/list === --- data/CVE/list 2013-06-18 19:55:03 UTC (rev 22674) +++ data/CVE/list 2013-06-18 19:59:20 UTC (rev 22675) @@ -7992,6 +7992,7 @@ CVE-2013-1364 [possible to override LDAP configuration parameters via the API] RESERVED - zabbix 1:2.0.4+dfsg-2 (bug #698541) + [squeeze] - zabbix (Will be handled through point update) NOTE: patches in https://support.zabbix.com/browse/ZBX-6097 CVE-2013-1363 RESERVED @@ -12233,6 +12234,7 @@ CVE-2012-6086 [zabbix insecure curl usage] RESERVED - zabbix (bug #697443) + [squeeze] - zabbix (Will be handled through point update) NOTE: https://support.zabbix.com/browse/ZBX-5924 CVE-2012-6085 (The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 ...) {DSA-2601-1} @@ -27812,6 +27814,7 @@ NOT-FOR-US: Novell Sentinel Log Manager CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...) - zabbix 1:1.8.10-1 (bug #652664) + [squeeze] - zabbix (Will be handled through point update) CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in ...) NOT-FOR-US: Winn Guestbook CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...) @@ -29374,7 +29377,8 @@ NOTE: Nearly a duplicate of CVE-2011-1932. NOTE: CVE's SPLIT decision is unclear. CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...) - - zabbix 1:1.8.9-1 (high; bug #651225) + - zabbix 1:1.8.9-1 (bug #651225) + [squeeze] - zabbix (Will be handled through point update) CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack ...) NOT-FOR-US: Jetpack plugin for Wordpress CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and ...) 
@@ -29522,6 +29526,7 @@ [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1 CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...) - zabbix 1:1.8.10-1 (bug #652664) + [squeeze] - zabbix (Will be handled through point update) CVE-2011-4614 (PHP remote file inclusion vulnerability in ...) - typo3-src 4.5.9+dfsg1-1 (bug #652365) [squeeze] - typo3-src (Only affects 4.5 onwards) @@ -33652,11 +33657,13 @@ NOT-FOR-US: Wordpress plugin CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...) - zabbix 1:1.8.9-1 + [squeeze] - zabbix (Will be handled through point update) CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...) - zabbix 1:1.8.6-1 (unimportant) NOTE: Installation path is known anyway for the Debian package CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...) - zabbix 1:1.8.6-1 + [squeeze] - zabbix (Will be handled through point update) CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...) {DSA-2337-1} - xen 4.1.1-1 @@ -34820,6 +34827,7 @@ [lenny] - linux-2.6 (perf not yet present) CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...) - zabbix 1:1.8.6-1 + [squeeze] - zabbix (Will be handled through point update) CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...) - tcptrack 1.4.2-1 (unimportant; bug #551092) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
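Review bot: In the CVE-2011-4674 hunk (@@ -29374,7 +29377,8 @@) the urgency is dropped: "- zabbix 1:1.8.9-1 (high; bug #651225)" becomes "- zabbix 1:1.8.9-1 (bug #651225)", and the log message "zabbix/no-dsa" does not mention it. This entry is the SQL injection in popup.php, so if the downgrade is intentional, give the reason in a NOTE; otherwise keep "high" and reconsider whether deferring squeeze to a point update fits that rating.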
[Secure-testing-commits] r22674 - data/CVE
Author: jmm Date: 2013-06-18 19:55:03 + (Tue, 18 Jun 2013) New Revision: 22674 Modified: data/CVE/list Log: movabletype no-dsa no-dsa for squeeze: automysqlbackup, mahara, axis, boinc disputed dokuwiki issue unimportant update status of one ffmpeg entry Modified: data/CVE/list === --- data/CVE/list 2013-06-18 19:50:06 UTC (rev 22673) +++ data/CVE/list 2013-06-18 19:55:03 UTC (rev 22674) @@ -1940,9 +1940,8 @@ CVE-2013-3676 RESERVED CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...) - - ffmpeg - [squeeze] - ffmpeg (codec not built) - - libav (codec not built) + - ffmpeg (Smush codec not present in 0.5 ffmpeg) + - libav (Smush codec not present in libav) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...) - ffmpeg @@ -5385,6 +5384,8 @@ CVE-2013-2184 RESERVED - movabletype-opensource (bug #712602) + [squeeze] - movabletype-opensource (Minor issue) + [wheezy] - movabletype-opensource (Minor issue) CVE-2013-2183 RESERVED - monkey (low) @@ -5994,7 +5995,8 @@ - clamav 0.97.8+dfsg-1 CVE-2013-2019 [stack overflow vulnerabilities in the XML parser] RESERVED - - boinc 6.13.6+dfsg-1 + - boinc 6.13.6+dfsg-1 (low) + [squeeze] - boinc (Minor issue) NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156 CVE-2013-2018 [SQL injections in the server-side scheduler code] RESERVED @@ -13265,7 +13267,8 @@ NOT-FOR-US: Axis2/Java NOTE: Axis2/C is packaged as axis2c, but this is a different software. CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...) - - axis 1.4-16.1 (bug #692650) + - axis 1.4-16.1 (low; bug #692650) + [squeeze] - axis (Minor issue) CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...) - commons-httpclient 3.1-10.1 (bug #692442) [squeeze] - commons-httpclient (Minor issue) 
@@ -23024,7 +23027,7 @@ [squeeze] - dokuwiki NOTE: http://secunia.com/advisories/48848/ CVE-2012-2128 (** DISPUTED ** ...) - - dokuwiki 0.0.20120125a-1 + - dokuwiki 0.0.20120125a-1 (unimportant) NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488 CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...) - linux-2.6 3.2-1 @@ -31033,7 +31036,8 @@ - libcap2 1:2.22-1 (low) [squeeze] - libcap2 (Minor issue) CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux ...) - - linux-2.6 3.2.1-1 + - linux 3.2.1-1 + - linux-2.6 CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the ...) - linux-2.6 3.0.0-6 [squeeze] - linux-2.6 (Introduced in 2.6.39) @@ -32513,7 +32517,8 @@ RESERVED CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)] RESERVED - - mahara (bug #699230) + - mahara (low; bug #699230) + [squeeze] - mahara (Minor issue) NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441 CVE-2011-3641 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
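Review bot: In the CVE-2013-3675 hunk (@@ -1940,9 +1940,8 @@) the squeeze-specific line is removed and its reason moves onto the unscoped "- ffmpeg (Smush codec not present in 0.5 ffmpeg)" line. The reason names one ffmpeg version only, so the entry now makes a claim about every release while justifying it for 0.5; keep the "[squeeze]" scoping, or state which ffmpeg versions in the archive were checked.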
[Secure-testing-commits] r22673 - data/CVE
Author: fgeek-guest Date: 2013-06-18 19:50:06 + (Tue, 18 Jun 2013) New Revision: 22673 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2013-06-18 19:40:26 UTC (rev 22672) +++ data/CVE/list 2013-06-18 19:50:06 UTC (rev 22673) @@ -1421,6 +1421,7 @@ RESERVED CVE-2013-3927 RESERVED + NOT-FOR-US: Siemens COMOS CVE-2013-3926 RESERVED CVE-2013-3925 @@ -2038,12 +2039,15 @@ RESERVED CVE-2013-3647 RESERVED + NOT-FOR-US: Cybozu Live for Android CVE-2013-3646 RESERVED + NOT-FOR-US: Cybozu Live for Android CVE-2013-3645 (Cross-site scripting (XSS) vulnerability in the Orchard.Comments ...) NOT-FOR-US: Orchard CVE-2013-3644 RESERVED + NOT-FOR-US: JustSystems Ichitaro CVE-2013-3643 (The Galapagos Browser application for Android does not properly ...) TODO: check CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22672 - data
Author: jmm Date: 2013-06-18 19:40:26 + (Tue, 18 Jun 2013) New Revision: 22672 Modified: data/dsa-needed-stable.txt Log: tiff DSA released pick vlc Modified: data/dsa-needed-stable.txt === --- data/dsa-needed-stable.txt 2013-06-18 17:37:22 UTC (rev 22671) +++ data/dsa-needed-stable.txt 2013-06-18 19:40:26 UTC (rev 22672) @@ -36,10 +36,8 @@ -- strongswan -- -tiff --- tomcat6 -- tomcat7 -- -vlc +vlc (jmm) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22671 - data/CVE
Author: fgeek-guest Date: 2013-06-18 17:37:22 + (Tue, 18 Jun 2013) New Revision: 22671 Modified: data/CVE/list Log: NFU Modified: data/CVE/list === --- data/CVE/list 2013-06-18 16:39:59 UTC (rev 22670) +++ data/CVE/list 2013-06-18 17:37:22 UTC (rev 22671) @@ -1,3 +1,12 @@ +CVE-2013-4616 + RESERVED + NOT-FOR-US: Apple iOS +CVE-2013-4615 + RESERVED +CVE-2013-4614 + RESERVED +CVE-2013-4613 + RESERVED CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) NOT-FOR-US: REDCap CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) @@ -8316,6 +8325,7 @@ NOT-FOR-US: Cisco IOS XR CVE-2013-1203 RESERVED + NOT-FOR-US: Cisco ASA CVE-2013-1202 RESERVED CVE-2013-1201 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22670 - data
Author: jmm Date: 2013-06-18 16:39:59 + (Tue, 18 Jun 2013) New Revision: 22670 Modified: data/next-point-update.txt Log: libmodule-signature-perl spu Modified: data/next-point-update.txt === --- data/next-point-update.txt 2013-06-18 16:36:22 UTC (rev 22669) +++ data/next-point-update.txt 2013-06-18 16:39:59 UTC (rev 22670) @@ -0,0 +1,2 @@ +CVE-2013-2145 + [wheezy] - libmodule-signature-perl 0.68-1+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22668 - data
Author: carnil Date: 2013-06-18 16:36:11 + (Tue, 18 Jun 2013) New Revision: 22668 Modified: data/dsa-needed-stable.txt Log: sort alphabetically Modified: data/dsa-needed-stable.txt === --- data/dsa-needed-stable.txt 2013-06-18 16:24:32 UTC (rev 22667) +++ data/dsa-needed-stable.txt 2013-06-18 16:36:11 UTC (rev 22668) @@ -28,6 +28,8 @@ -- openswan -- +otrs2 +-- ruby1.9.1 -- srtp @@ -40,6 +42,4 @@ -- tomcat7 -- -otrs2 --- vlc
[Secure-testing-commits] r22669 - data/CVE
Author: jmm Date: 2013-06-18 16:36:22 + (Tue, 18 Jun 2013) New Revision: 22669 Modified: data/CVE/list Log: otrs not in squeeze Modified: data/CVE/list === --- data/CVE/list 2013-06-18 16:36:11 UTC (rev 22668) +++ data/CVE/list 2013-06-18 16:36:22 UTC (rev 22669) @@ -1057,6 +1057,7 @@ CVE-2013-4088 [Information Disclosure] RESERVED - otrs2 + [squeeze] - otrs2 (Only affects 3.x) CVE-2013-4087 RESERVED CVE-2013-4086 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22667 - data
Author: carnil Date: 2013-06-18 16:24:32 + (Tue, 18 Jun 2013) New Revision: 22667 Modified: data/dsa-needed-stable.txt Log: add otrs2 to dsa-needed-stable.txt Modified: data/dsa-needed-stable.txt === --- data/dsa-needed-stable.txt 2013-06-18 16:16:35 UTC (rev 22666) +++ data/dsa-needed-stable.txt 2013-06-18 16:24:32 UTC (rev 22667) @@ -40,4 +40,6 @@ -- tomcat7 -- +otrs2 +-- vlc ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22666 - data/CVE
Author: carnil Date: 2013-06-18 16:16:35 + (Tue, 18 Jun 2013) New Revision: 22666 Modified: data/CVE/list Log: add otrs2 issue Modified: data/CVE/list === --- data/CVE/list 2013-06-18 15:55:08 UTC (rev 22665) +++ data/CVE/list 2013-06-18 16:16:35 UTC (rev 22666) @@ -1054,8 +1054,9 @@ RESERVED CVE-2013-4089 RESERVED -CVE-2013-4088 +CVE-2013-4088 [Information Disclosure] RESERVED + - otrs2 CVE-2013-4087 RESERVED CVE-2013-4086 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22665 - data
Author: carnil Date: 2013-06-18 15:55:08 + (Tue, 18 Jun 2013) New Revision: 22665 Modified: data/dsa-needed-stable.txt Log: remove xml-security-c from dsa-needed-stable.txt file Modified: data/dsa-needed-stable.txt === --- data/dsa-needed-stable.txt 2013-06-18 15:51:11 UTC (rev 22664) +++ data/dsa-needed-stable.txt 2013-06-18 15:55:08 UTC (rev 22665) @@ -41,5 +41,3 @@ tomcat7 -- vlc --- -xml-security-c ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22664 - data/CVE
Author: carnil Date: 2013-06-18 15:51:11 + (Tue, 18 Jun 2013) New Revision: 22664 Modified: data/CVE/list Log: add entry for CVE-2013-2171/kfreebsd-9 Modified: data/CVE/list === --- data/CVE/list 2013-06-18 13:28:08 UTC (rev 22663) +++ data/CVE/list 2013-06-18 15:51:11 UTC (rev 22664) @@ -5410,8 +5410,9 @@ - wordpress CVE-2013-2172 RESERVED -CVE-2013-2171 +CVE-2013-2171 [Privilege escalation via mmap] RESERVED + - kfreebsd-9 (bug #712664) CVE-2013-2170 RESERVED CVE-2013-2169 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r22663 - data/CVE
Author: atomo64-guest Date: 2013-06-18 13:28:08 + (Tue, 18 Jun 2013) New Revision: 22663 Modified: data/CVE/list Log: update to ffmpeg/libav issues Modified: data/CVE/list === --- data/CVE/list 2013-06-18 09:14:26 UTC (rev 22662) +++ data/CVE/list 2013-06-18 13:28:08 UTC (rev 22663) @@ -1,13 +1,13 @@ CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4607 RESERVED CVE-2013-4606 @@ -15,13 +15,13 @@ CVE-2013-4605 RESERVED CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 ...) - TODO: check + NOT-FOR-US: REDCap CVE-2013-4604 RESERVED CVE-2013-4603 
@@ -1345,11 +1345,11 @@ CVE-2013-3960 RESERVED CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator ...) - TODO: check + NOT-FOR-US: Siemens WinCC CVE-2013-3956 RESERVED CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...) @@ -1929,27 +1929,24 @@ RESERVED CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...) - ffmpeg - - libav - TODO: check - NOTE: fixed in ffmpeg 1.2.1 + [squeeze] - ffmpeg (codec not built) + - libav (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915 CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...) - ffmpeg + [squeeze] - ffmpeg (codec not built) - libav TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...) - ffmpeg - libav TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d23b8462b5a4a9da78ed45c4a7a3b35d538df909 CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...) - ffmpeg - libav TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8d3c99e825317b7efda5fd12e69896b47c700303 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...) - ffmpeg @@ -1961,7 +1958,6 @@ - ffmpeg - libav TODO: check - NOTE: fixed in ffmpeg 1.2.1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb CVE-2013-3669 RESERVED 
@@ -9028,42 +9024,36 @@ - ffmpeg - libav TODO: check - NOTE: fixed in ffmpeg 1.1.3 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=796012af6c780b5b13ebca39a491f215515a18fe CVE-2013-0877 [libavcodec/sanm.c out of array accesses] RESERVED - ffmpeg - - libav - TODO: check - NOTE: fixed in ffmpeg 1.1.3 + [squeeze] - ffmpeg (codec not built) + - libav (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf CVE-2013-0876 [libavcodec/sanm.c integer overflow and out of array accesses] RESERVED - ffmpeg - - libav - TODO: check - NOTE: fixed in ffmpeg 1.1.3 + [squeeze] - ffmpeg (codec not built) + - libav (codec not built) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1
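Review bot: In the ffmpeg hunks (@@ -1929,27 +1929,24 @@ and @@ -9028,42 +9024,36 @@) the lines "NOTE: fixed in ffmpeg 1.2.1" and "NOTE: fixed in ffmpeg 1.1.3" are deleted while several of the affected entries (CVE-2013-3674, CVE-2013-3673, CVE-2013-3672) still read "TODO: check". The commit link stays, but the version NOTE is what tells a triager which upstream release to compare the archive against; keep it on each entry until its TODO is resolved.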
[Secure-testing-commits] r22662 - data/CVE
Author: joeyh Date: 2013-06-18 09:14:26 + (Tue, 18 Jun 2013) New Revision: 22662 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-06-18 06:22:25 UTC (rev 22661) +++ data/CVE/list 2013-06-18 09:14:26 UTC (rev 22662) @@ -5459,15 +5459,19 @@ - keystone 2013.1.2-1 (bug #712160) CVE-2013-2156 [heap overflow while processing InclusiveNamespace PrefixList] RESERVED + {DSA-2710-1} - xml-security-c 1.6.1-6 CVE-2013-2155 [denial of service and hash length bypass issues while processing HMAC signatures] RESERVED + {DSA-2710-1} - xml-security-c 1.6.1-6 CVE-2013-2154 [stack overflow during XPointer evaluation] RESERVED + {DSA-2710-1} - xml-security-c 1.6.1-6 CVE-2013-2153 [XML Signature Bypass issue] RESERVED + {DSA-2710-1} - xml-security-c 1.6.1-6 CVE-2013-2152 [rhevm: spice service unquoted search path] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits